Is open-source Tomcat buggy? No more than 'commercialware'

Tomcat, the Java-based application server that is part of the open Apache Jakarta project, suffers about the same level of defects as proprietary code, according to a survey by Reasoning Inc.

The finding is important, said Jeff Klagenberg, Reasoning's director of product management, because of a belief in the Java development community that the programming language is less error-prone than languages like C and C++.

"We see some of the same types of defects [in Tomcat that] we see in C and C++, which I don't think the Java development community has necessarily known," he said. "There was an expectation that Java removed certain types of defects and they do still exist in the code."

The majority of the defects were null pointer dereference (NPD) errors, which can crash applications, Klagenberg said.

"In Java, of course, you don't have explicit pointers, you have references to objects," he explained. "What happens is those references can be null, they can basically have no data in them. But your application can go to try to look at an object that you are expecting to exist, but which does not exist. It's null and will cause the application to stop running."